SecureDrop 2.12.2 released

April 22, 2025

We’re pleased to announce that SecureDrop 2.12.2 has been released. Following a successful period of semiautomated migrations to Ubuntu Noble, we are beginning the first phase of automated upgrades. Approximately 20% of Application Servers will be automatically upgraded.

To learn more about this process, or if you receive pre-upgrade error notifications from OSSEC, please review our Noble upgrade guide.

If you experience issues with your upgrade or have any questions, please contact support.

What’s new in SecureDrop 2.12.2?

Ubuntu 24.04 (Noble) upgrade

Enable first phase of automated Noble upgrades (pull request)
Update Noble migration script to verify state of Ethernet interfaces (issue, pull request)
Update OSSEC configuration to suppress erroneous APT messages (issue, pull request)

Web applications and APIs

Upgrade pyo3 from 0.18.0 to 0.24.1 and update redwood to use its bound API (issue, pull request)
Dependency updates:
- Jinja2 from 3.1.3 to 3.1.6 (pull request)

Operations

Update admin tools to trim newlines from inputted GPG fingerprints (issue, pull request)

What administrators need to do

Please follow our upgrade guide and get in touch with us if you require assistance.

Tails has issued an emergency 6.14.2 release, which fixes several security vulnerabilities in the Linux kernel. If you have not already done so, please make certain to upgrade your Journalist and Admin Workstations to Tails 6.14.2 at your earliest convenience.

Acknowledgments

This release was made possible thanks to volunteer code contributions from Greg.

This release incorporates Freedom of the Press Foundation (FPF) contributions by Nathan Dyer, communications manager; Kunal Mehta, deputy release manager; Erik Moeller; Cory Francis Myers; Kevin O’Gorman, release manager; Francisco Rocha; and Rowen S.

Questions and comments

If you have questions or comments regarding this release, please contact us:

Via our Support Portal, if you are a member (membership is available to SecureDrop administrators on request)
Via securedrop@freedom.press (PGP encrypted) for sensitive security issues (please use judiciously), or submit a report via Bugcrowd

We also encourage you to file nonsensitive issues you encounter in our GitHub repository (issue report form).

Thank you for using SecureDrop!

Have a document to share?

You are not anonymous while using this browser!

Your Tor security settings are too low!

Set your Tor security level to "Safest" for maximum protection